💾 Archived View for bbs.geminispace.org › u › lufte › 22708 captured on 2024-12-17 at 15:23:00. Gemini links have been rewritten to link to archived content


Comment by 🛰️ lufte

Re: "Interesting, how does Lagrange client implement TLS session..."

In: s/Lagrange

The old spec[1] explicitly stated, under "1 Overview", that connections cannot be reused. The new one[2] is not as explicit but does mention that "Upon sending the complete response (which may include content), the server closes the connection and MUST use the TLS close_notify mechanism"; so it sounds like reusing connections goes against the protocol.

— [1]

— [2]

🛰️ lufte

Dec 11 · 6 days ago

3 Later Comments ↓

🚀 mbays · Dec 11 at 16:22:

I recommend implementing RTT0 too (while being careful about replay attacks). Not many servers support it, but it makes things pretty snappy when it works.

🕹️ skyjake [mod...] · Dec 11 at 18:25:

Also to clarify, we are talking about TLS session resumption, which does not mean you keep any connection open to the server, but instead just remember the previous handshake so a subsequent new connection can be opened faster.

🛰️ lufte · Dec 11 at 21:15:

Thanks @skyjake, I was indeed confused about that.

Original Post

🌒 s/Lagrange

Interesting, how does the Lagrange client implement TLS session resumption? I found that path-relative certificate authorization requires turning it off, because the user can choose the identity at any moment, and when resumption is enabled, the old certificate will be applied (on change at runtime). Thoughts: running the handshake on every request is maybe not cool for performance and server response timing. Is it something tricky in this browser, or is this feature just disabled? Because gemini pages loading...

💬 ps · 7 comments · Dec 11 · 6 days ago
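One way to keep resumption on without a resumed session carrying over the previously selected client certificate, as raised in the original post, is to scope the saved session to the identity in use. This is an added example, not code from the thread or from Lagrange; `identity_id`, `slot_for` and `fetch` are hypothetical names, and it assumes the server certificate is checked by a separate trust-on-first-use pin that is not shown.

```python
import hashlib
import socket
import ssl

# (host, port, identity fingerprint) -> {"ctx": SSLContext, "session": SSLSession or None}
_slots = {}

def identity_id(certfile):
    """SHA-256 of the client certificate file, or "anonymous" when none is selected."""
    if certfile is None:
        return "anonymous"
    with open(certfile, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def slot_for(host, port, ident, certfile=None, keyfile=None):
    """Return the slot for this host and identity, creating its context on first use."""
    key = (host.lower(), port, ident)
    if key not in _slots:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # assumption: TOFU pin is verified by the caller
        if certfile:
            ctx.load_cert_chain(certfile, keyfile)
        # Python only accepts a saved session on the context that created it,
        # so one context per identity also gives one session store per identity.
        _slots[key] = {"ctx": ctx, "session": None}
    return _slots[key]

def fetch(url, host, port=1965, certfile=None, keyfile=None):
    """Send one Gemini request on a new connection; return (resumed, response bytes)."""
    slot = slot_for(host, port, identity_id(certfile), certfile, keyfile)
    with socket.create_connection((host, port), timeout=10) as raw:
        # Only a session negotiated under this same identity is ever offered,
        # so switching identity forces a full handshake with the new certificate.
        with slot["ctx"].wrap_socket(raw, server_hostname=host,
                                     session=slot["session"]) as tls:
            tls.sendall(url.encode("utf-8") + b"\r\n")
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:  # server closed the connection after its response
                    break
                chunks.append(data)
            # TLS 1.3 tickets arrive after the handshake, so save the session last.
            slot["session"] = tls.session
            return tls.session_reused, b"".join(chunks)
```

Every call to `fetch` still opens a new connection, in line with the close-after-response rule quoted above; only the handshake state is remembered.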